Applebee’s has discovered and removed malware on point of sale (POS) systems across nearly 170 restaurant locations, according to a security & data incident notice from parent company RMH Franchise Holdings.

Based on a third-party forensics investigation, RMH believes that malware placed on the point-of-sale system at certain RMH-owned and -operated Applebee’s restaurants was designed to capture payment card information, and may have affected a limited number of purchases made at those locations, the company says.

The exact breach dates vary by location. A dropdown menu on RMH’s breach notification site lists the locations and dates of each malware incident. Payments made online or using self-pay tabletop devices were not affected by this incident, the company says.

RMH is offering some general guidance to help customers protect themselves against credit card fraud, including links to agencies that can activate credit freezes and lock down accounts. But the company did not offer any free credit freezing services.